Collaborate Disseminate
As I understand from reading another question here, SRAM may be more dangerous than traditional volatile RAM in terms of storing passwords and other sensitive information.
I know that when a computer is shut down, any data in the RAM (if i… Continue reading Static RAM: Detecting presence and wiping?
I understand that nowadays passwords are not stored in plaintext, only as password + salt and hashed (minimum). But I haven’t found any exact confirmation that gpg does NOT store (cache, place in RAM) the passphrase in plaintext.
And if a … Continue reading GPG passphrase in the cache as a hash?
When users are entering a new passphrase somewhere, it’s helpful to provide feedback on the number of characters received by the system.
In a user experience (UX) test I just ran, my user created a passphrase in her password manager, and t… Continue reading Is it insecure to display the number of characters when users enter a new passphrase?
If I am not wrong, both private key and public key are the same since communication is possible only if both keys are matching. So, why we should only keep the private key secret, why not public key? When I generate a key by ssh-keygen com… Continue reading Why should we only keep the private key secret, why not the public key?
Alice bought 1 Bitcoin and encrypted her wallet.dat in Bitcoin Core.
Samantha, Alice’s friend, notices the Bitcoin price skyrocketing and, while Alice is in the bathroom, steals Alice’s wallet.dat as well as important.txt and goes home.
Th… Continue reading Does knowing part of a passphrase for sure really mean that you can "disregard" that entire part when trying to crack it?
Let’s say that my passphrase is:
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaapassword9
Yes, it looks ridiculous. But only because we already know it. An attacker, trying to brute-force their way into this passphrase, has zero knowledge about i… Continue reading How can the passphrase matter besides the very most obvious patterns?
getapassphrase.com is a website that generates passphrases. The user sets a complexity in bits, and the site spits out results like:
liberal panda and ill asp decline young suit in Kansas
or
rowdy whale and tired DJ build brown harp in Ber… Continue reading How secure is the getapassphrase.com approach to password generation?
I’m reading about Diceware and cryptography in general and I know how secure Diceware can be. I stumble upon this part on The Intercept about Diceware and it says:
"You don’t so much need them for logging into a website or something
… Continue reading Diceware as a passphrase for online accounts
I got 5 dice and opened EFF’s wordlist, and generated a random five-word passphrase (all letters small with spaces, no punctuation) for my PC.
The words were making up a meaningful scene in my mind, so I made a complete sentence out of the… Continue reading Randomly selected words converted into sentence. Did I lose passphrase strength or gain it?
Some of my colleague give me 2 file of private key (one is encrypted and the other is decrypted) and a passphrase. But it seems that is the wrong passphrase.
Is it even possible to recover the pass phrase with the ecrypted and decrypted pr… Continue reading openssl, recover passphrase with encrypted and not encrypted file